Security

A new report from BlackBerry shows that as our digital habits have changed over the past year cybercriminals have become increasingly successful at finding and targeting vulnerable organizations.

The greater adoption of digital offerings has exposed companies to inadequate protections for employees and customers amongst an ever-growing and under-secured attack surface.

Employees working from home on a company-provided computer are putting businesses at risk with one in four consumers admitting to using their work email or password to log in to consumer websites and apps such as food delivery, online shopping and even dating apps.

A new study from automation platform Ivanti surveyed 1,000 Americans working from home during the pandemic on a company-provided computer to examine how consumer and enterprise cybersecurity habits have changed.

After a year full of unknowns and new normals, knowledge is power. The spike in cyber breaches in the past year, compounded by COVID-related attacks, has only increased the importance of cyber threat intelligence (CTI) in the past year. The 2021 SANS Cyber Threat Intelligence survey, sponsored by ThreatQuotient, explores the state of play in the global use of CTI and outlines why the difficulties of the past year have contributed to the continued growth and maturity of CTI. 

The 2021 survey saw the number of respondents reporting they produce or consume intelligence rise by 7 percent, more notably, this was the first time the number of respondents without plans to consume or produce intelligence was 0 percent, down from 5.5 percent in 2020. Analyzed CTI helps organizations understand the capabilities, opportunities, and intent of adversaries conducting malicious cyber activities. In turn, this paints a picture about how threat actors are targeting an organization’s systems, information, and people. It is this contextual information that helps organizations and individuals respond to threats, understand risks, design better cyber defenses, and protect their organization. 

Ever tried explaining cybersecurity to someone who isn’t tech-savvy? Just last year, my 67-year-old mother came to me in a fluster because her laptop was hijacked by a full-screen pop-up that looked like ransomware.

Thank goodness I figured out the problem before it got worse. But when you can’t be there 24/7, how do you help those around you understand basic cybersecurity principles so they can stay safe online?

Entrepreneurial cybercriminals are operating as middlemen by breaching as many companies as possible and then selling on access to the highest bidder rather than infiltrating systems themselves.

New research from Digital Shadows reveals that these 'Initial Access Brokers' are flourishing during the pandemic as employees increasingly log in to systems remotely.

On average it takes 25 days for companies to fix cloud infrastructure misconfigurations, according to a new report from cyber resilience specialist Accurics.

The research highlights security risks identified in cloud native environments. It shows that even organizations that establish a secure baseline when infrastructure is provisioned will experience 'drift' over time, when configuration changes occur in runtime, and these take an average of eight days to fix.

The last quarter of 2020 saw a 10,000 percent increase in ransomware activity according to a new report from managed security services provider Nuspire.

The company's latest Year in Review Threat Landscape Report -- sourced from its 90 billion traffic logs -- outlines new cybercriminal activity and tactics, techniques and procedures.

The majority of CEOs and COOs view digital forensics as an afterthought to cybersecurity. In the eyes of many business leaders, it is just a clean-up process for a data breach or cyber attack. But if you establish an effective digital forensics and incident response (DFIR) program, you can begin to use digital forensics as a tool for both recovery and prevention.

While cybersecurity and digital forensics work hand-in-hand, their close relationship can often obfuscate their individual objectives. For instance, cybersecurity’s main goal is to reduce an organization’s exposure to cyber attacks while also preventing their success. Cybersecurity has become even more important over the last decade and a half as industry leaders make the transition to digital applications. This is particularly true of the healthcare and automotive industries who have been lacking in their cybersecurity and forensic preparedness.

Information security often focuses on what's going on within the enterprise perimeter, but as businesses invest more in executive communication programs, there are risks which are sometimes overlooked.

According to a new survey from SafeGuard Cyber oversight of executive social media use is lacking, record-keeping is often manual, and the responsibility for risk management isn't clear.

As more work has moved online the security security issues surrounding collaboration and video conferencing applications have been thrown into the spotlight.

StrikeForce Technologies is launching a new desktop privacy protection suite called PrivacyLok, designed to address the problem by preventing unwanted applications from accessing sensitive data while protecting users from a range of threats.

The supply chain attack involving SolarWinds software last year has caused ripples throughout the cybersecurity industry, not least because it went undetected for nine months.

The attack was able to bypass traditional email security by exploiting trusted communications routes between vendors and customers. A worrying new report from Abnormal Security shows that this technique is becoming a mainstream attack vector.

Greater emphasis on emotional intelligence and other skills required to work with different stakeholders is placing new demands on Chief Information Security Officers (CISOs) according to a new study.

But it's also creating opportunities for CISOs to become leaders of their organizations, according to the report from cyber security provider F-Secure, in conjunction with Omnisperience.

Almost 75 percent of security analysts are worried about missing out on alerts according to a new study carried out by IDC for FireEye.

The research, which surveyed 300 IT security managers and security analysts in the US, also shows that nearly half of the alerts security analysts receive are false positives, and almost a third get ignored.

The pandemic-driven shift to remote working has led cybercriminals to ditch many of their old tactics, and put a new emphasis on gathering intelligence and exploiting and preying on fears with targeted and sophisticated attacks.

The latest State of Malware report from Malwarebytes has found a major shift in the devices targeted and strategies deployed by cybercriminals.

Just days after the regular update release date of Patch Tuesday, Microsoft has released an out-of-band patch to address a problem with WPA3 connections in Windows 10.

The KB5001028 update is for Windows 10 version 1909, and it fixes a problem that caused blue screens and stop error 0x7E in nwifi.sys when using a WPA3 connection. Microsoft says that the problems arose after users installed the KB4598298 or KB4601315 updates.